CVE-2026-0897: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
(updated )
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.12.0 and 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
References
- github.com/advisories/GHSA-xfhx-r7ww-5995
- github.com/keras-team/keras
- github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6
- github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb
- github.com/keras-team/keras/pull/21880
- github.com/keras-team/keras/pull/22081
- nvd.nist.gov/vuln/detail/CVE-2026-0897
Code Behaviors & Features
Detect and mitigate CVE-2026-0897 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →